Nginx auth 关闭整个文件夹
Nginx auth off whole folder
我们正在尝试使用 nginx 在 Zandbox/test 站点上设置 Klaviyo。
但是当我启用 htpasswd 时,Klaviyo 无法从 SOAP 获取数据。
需要访问www.mytestdomain.com/api/v2_soap?wsdl=1获取数据。
如何禁用整个 api 文件夹的 auth_basic?我已经为一些 php 文件做了这个,但是因为这不是我不知道的特定 php 文件。我用于 php 个文件的代码是:
location = /folder/file.php {
auth_basic off;
try_files $uri =404;
expires off;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
proxy_connect_timeout 2600s;
proxy_send_timeout 2600s;
proxy_read_timeout 2600s;
fastcgi_send_timeout 2600s;
fastcgi_read_timeout 2600s;
fastcgi_pass zandbox;
fastcgi_pass_request_headers on;
fastcgi_keep_conn off;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root${fastcgi_script_name};
fastcgi_param MAGE_RUN_CODE base;
fastcgi_param MAGE_RUN_TYPE website;
}
完整代码:
server {
listen 80;
server_name mydomain.dk www.mydomain.dk;
return 301 https://www.mydomain.dk$request_uri;
}
server {
listen 443 ssl;
server_name mydomain.dk;
ssl on;
ssl_certificate /etc/ssl/www_mydomain_dk.crt;
ssl_certificate_key /etc/ssl/www_mydomain_dk.key;
include /etc/nginx/ssl_common.conf;
return 301 https://www.mydomain.dk$request_uri;
}
server {
listen 443 ssl;
server_name www.mydomain.dk;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
location = /api/ {
auth_basic "off";
}
ssl on;
ssl_certificate /etc/ssl/www_mydomain_dk.crt;
ssl_certificate_key /etc/ssl/www_mydomain_dk.key;
include /etc/nginx/ssl_common.conf;
root /var/www/www.mydomain.dk/deployed/current;
add_header Access-Control-Allow-Origin "https://www.mydomain.dk";
add_header Access-Control-Allow-Origin "https://mydomain.dk";
include /etc/nginx/common.d/top_common.conf;
include /etc/nginx/common.d/locations.conf;
location ~ \.php$ {
try_files $uri =404;
expires off;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
proxy_connect_timeout 2600s;
proxy_send_timeout 2600s;
proxy_read_timeout 2600s;
fastcgi_send_timeout 2600s;
fastcgi_read_timeout 2600s;
fastcgi_pass mydomain;
fastcgi_pass_request_headers on;
fastcgi_keep_conn off;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root${fastcgi_script_name};
fastcgi_param MAGE_RUN_CODE base;
fastcgi_param MAGE_RUN_TYPE website;
}
location = /bridge_xcxcdd.php {
auth_basic off;
try_files $uri =404;
expires off;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
proxy_connect_timeout 2600s;
proxy_send_timeout 2600s;
proxy_read_timeout 2600s;
fastcgi_send_timeout 2600s;
fastcgi_read_timeout 2600s;
fastcgi_pass mydomain;
fastcgi_pass_request_headers on;
fastcgi_keep_conn off;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root${fastcgi_script_name};
fastcgi_param MAGE_RUN_CODE base;
fastcgi_param MAGE_RUN_TYPE website;
}
location = /api {
auth_basic off;
try_files $uri =404;
expires off;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
proxy_connect_timeout 2600s;
proxy_send_timeout 2600s;
proxy_read_timeout 2600s;
fastcgi_send_timeout 2600s;
fastcgi_read_timeout 2600s;
fastcgi_pass mydomain;
fastcgi_pass_request_headers on;
fastcgi_keep_conn off;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root${fastcgi_script_name};
fastcgi_param MAGE_RUN_CODE base;
fastcgi_param MAGE_RUN_TYPE website;
}
}
好吧,我尝试了很多配置,最后一个成功了。主要学习不是将基本身份验证放在服务器块中,而是使用位置块。然后不在外部调用 php,而是使用嵌套块,因此可以继承限制。
下面我将展示一个只做回显的结构,你只需要按照这种方式修改你的配置
events {
worker_connections 1024;
}
http {
server {
listen 80;
satisfy any;
location / {
auth_basic "Restricted";
auth_basic_user_file /var/www/html/.htpasswd;
echo "Restricted URL";
location /api/ {
auth_basic "off";
echo "you reach /api";
location ~ \.php$ {
echo "You reached unauthenticated php";
}
}
location ~ \.php$ {
echo "You reached authenticated php";
}
}
location ~ \.php$ {
echo "You reached php";
}
}
}
下面是我的测试
$ curl -u tarun:tarun localhost/abc/test.php
You reached authenticated php
$ curl -u tarun:tarun localhost/test.php
You reached authenticated php
$ curl localhost/test.php
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>openresty/1.11.2.2</center>
</body>
</html>
$ curl localhost/api/test.php
You reached unauthenticated php
$ curl localhost/api/test
you reach /api
我们正在尝试使用 nginx 在 Zandbox/test 站点上设置 Klaviyo。
但是当我启用 htpasswd 时,Klaviyo 无法从 SOAP 获取数据。 需要访问www.mytestdomain.com/api/v2_soap?wsdl=1获取数据。
如何禁用整个 api 文件夹的 auth_basic?我已经为一些 php 文件做了这个,但是因为这不是我不知道的特定 php 文件。我用于 php 个文件的代码是:
location = /folder/file.php {
auth_basic off;
try_files $uri =404;
expires off;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
proxy_connect_timeout 2600s;
proxy_send_timeout 2600s;
proxy_read_timeout 2600s;
fastcgi_send_timeout 2600s;
fastcgi_read_timeout 2600s;
fastcgi_pass zandbox;
fastcgi_pass_request_headers on;
fastcgi_keep_conn off;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root${fastcgi_script_name};
fastcgi_param MAGE_RUN_CODE base;
fastcgi_param MAGE_RUN_TYPE website;
}
完整代码:
server {
listen 80;
server_name mydomain.dk www.mydomain.dk;
return 301 https://www.mydomain.dk$request_uri;
}
server {
listen 443 ssl;
server_name mydomain.dk;
ssl on;
ssl_certificate /etc/ssl/www_mydomain_dk.crt;
ssl_certificate_key /etc/ssl/www_mydomain_dk.key;
include /etc/nginx/ssl_common.conf;
return 301 https://www.mydomain.dk$request_uri;
}
server {
listen 443 ssl;
server_name www.mydomain.dk;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
location = /api/ {
auth_basic "off";
}
ssl on;
ssl_certificate /etc/ssl/www_mydomain_dk.crt;
ssl_certificate_key /etc/ssl/www_mydomain_dk.key;
include /etc/nginx/ssl_common.conf;
root /var/www/www.mydomain.dk/deployed/current;
add_header Access-Control-Allow-Origin "https://www.mydomain.dk";
add_header Access-Control-Allow-Origin "https://mydomain.dk";
include /etc/nginx/common.d/top_common.conf;
include /etc/nginx/common.d/locations.conf;
location ~ \.php$ {
try_files $uri =404;
expires off;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
proxy_connect_timeout 2600s;
proxy_send_timeout 2600s;
proxy_read_timeout 2600s;
fastcgi_send_timeout 2600s;
fastcgi_read_timeout 2600s;
fastcgi_pass mydomain;
fastcgi_pass_request_headers on;
fastcgi_keep_conn off;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root${fastcgi_script_name};
fastcgi_param MAGE_RUN_CODE base;
fastcgi_param MAGE_RUN_TYPE website;
}
location = /bridge_xcxcdd.php {
auth_basic off;
try_files $uri =404;
expires off;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
proxy_connect_timeout 2600s;
proxy_send_timeout 2600s;
proxy_read_timeout 2600s;
fastcgi_send_timeout 2600s;
fastcgi_read_timeout 2600s;
fastcgi_pass mydomain;
fastcgi_pass_request_headers on;
fastcgi_keep_conn off;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root${fastcgi_script_name};
fastcgi_param MAGE_RUN_CODE base;
fastcgi_param MAGE_RUN_TYPE website;
}
location = /api {
auth_basic off;
try_files $uri =404;
expires off;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
proxy_connect_timeout 2600s;
proxy_send_timeout 2600s;
proxy_read_timeout 2600s;
fastcgi_send_timeout 2600s;
fastcgi_read_timeout 2600s;
fastcgi_pass mydomain;
fastcgi_pass_request_headers on;
fastcgi_keep_conn off;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root${fastcgi_script_name};
fastcgi_param MAGE_RUN_CODE base;
fastcgi_param MAGE_RUN_TYPE website;
}
}
好吧,我尝试了很多配置,最后一个成功了。主要学习不是将基本身份验证放在服务器块中,而是使用位置块。然后不在外部调用 php,而是使用嵌套块,因此可以继承限制。
下面我将展示一个只做回显的结构,你只需要按照这种方式修改你的配置
events {
worker_connections 1024;
}
http {
server {
listen 80;
satisfy any;
location / {
auth_basic "Restricted";
auth_basic_user_file /var/www/html/.htpasswd;
echo "Restricted URL";
location /api/ {
auth_basic "off";
echo "you reach /api";
location ~ \.php$ {
echo "You reached unauthenticated php";
}
}
location ~ \.php$ {
echo "You reached authenticated php";
}
}
location ~ \.php$ {
echo "You reached php";
}
}
}
下面是我的测试
$ curl -u tarun:tarun localhost/abc/test.php
You reached authenticated php
$ curl -u tarun:tarun localhost/test.php
You reached authenticated php
$ curl localhost/test.php
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>openresty/1.11.2.2</center>
</body>
</html>
$ curl localhost/api/test.php
You reached unauthenticated php
$ curl localhost/api/test
you reach /api